Bug 177618

Summary: CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability
Product: Red Hat Enterprise Linux 4 Reporter: Mark J. Cox <mjc>
Component: kdelibsAssignee: Than Ngo <than>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: medium    
Version: 4.0CC: karsten, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=critical,reported=20060110,public=20060119:1700,source=vendorsec
Fixed In Version: RHSA-2006-0184 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-01-19 17:47:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2006-01-12 12:47:45 UTC 
The KDE security team reported:

A heap overflow flaw was discovered affecting kjs, the Javascript
interpreter engine used by Konqueror and other parts of KDE. An attacker
who is able to execute javascript code could trigger this flaw potentially
leading to arbitrary code execution. The Common Vulnerabilities and
Exposures project assigned the name CAN-2006-0019 to this issue.

This issue does not affect RHEL2.1 or RHEL3

Embargoed until January 19th 2006
Comment 5 Red Hat Bugzilla 2006-01-19 17:47:06 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0184.html
Comment 6 Fedora Update System 2006-01-20 16:56:47 UTC 
From User-Agent: XML-RPC

kdelibs-3.5.0-0.4.fc4 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.